主题
模板
基本结构
nginx
... #全局块
events { #events块
...
}
http #http块
{
... #http全局块
server #server块
{
... #server全局块
location [PATTERN] #location块
{
...
}
location [PATTERN]
{
...
}
}
server
{
...
}
... #http全局块
}配置 ssl
nginx
server {
listen 443 ssl http2;
server_name www.example.com;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
# ...
}代理静态页面
nginx
server {
# ...
location / {
root /usr/share/nginx/html;
index index.html;
}
}反向代理
nginx
server {
location /proxy/test/ {
proxy_pass http://localhost:8091/test/;
# CORS(always 确保在 4xx/5xx 下也返回)
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Methods "GET,POST,HEAD,PUT,DELETE,OPTIONS" always;
add_header Access-Control-Allow-Credentials "true" always;
add_header Access-Control-Allow-Headers "Authorization,Content-Type" always;
# 转发头(保留客户端信息)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 超时(可按需调整)
proxy_connect_timeout 100s;
proxy_send_timeout 100s;
proxy_read_timeout 100s;
# 简单处理浏览器预检请求
if ($request_method = "OPTIONS") {
return 204;
}
}
}重定向
将 HTTP 重定向到 HTTPS
nginx
server {
listen 80;
listen [::]:80;
server_name www.example.com;
location ^~ / {
return 301 https://$server_name$request_uri;
}
}
# or
server {
listen 80;
server_name www.example.com;
location / {
return 301 https://$host$request_uri;
}
}url 重定向
nginx
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}某页面禁止访问 404
nginx
server {
location = / {
return 404;
}
}